Hackers hijack a super yacht with simple GPS spoofing, and planes could be next

This site may earn affiliate commissions from the links on this page. Terms of use.

About a year ago, Todd Humphreys and his team from the University of Texas called GPS navigation into serious question. Using just a few simple pieces of equipment, a roughly $3,000 investment dwarfed by what cyber-criminals often invest in hardware, they were able to steer a small drone badly off course. It was a blunt instrument, just capable of messing with the drone’s sense of direction and, potentially, sending it careening into the ground. The demonstration was so worrying that Humphreys soon found himself testifying before Congress, and sitting in meetings with everyone from the FAA to the Pentagon.

Still, how much harm would it really do? Military GPS devices use encrypted signals specifically to prevent attacks of this kind, and it’s not like the team could actually control these drones through global positioning. It was just a highly sophisticated form a vandalism, and exploited a loophole in GPS technology that, surely, would not remain open for long. More than year later, not only does that loophole remain glaringly open, but Humphreys and team have refined their software significantly. This week, they boarded a 210-foot super-yacht by the name of White Rose of the Drachs and used the exact same technique to leave its captain and crew stunned and helpless.

All you have to do is introduce a signal stronger than the one generated by these satellites.

With just a laptop, a small antenna, and a GPS “spoofing” device, the team fed a stronger signal to the yacht’s steering system than the genuine one, incoming from actual GPS satellites. By doing this, they essentially tricked the ship’s computer into believing it was somewhere it was not, causing it to adjust its heading to stay on course. This is an insidious form of attack because the ship’s navigation technology will continue to report that the ship is both on course and precisely where it is supposed to be — even if neither of those things is true. By slowly “sliding” the ship into a parallel course, they ensure that even a conventional compass will show the correct direction. Course changes have to be gradual, so time-of-flight calculations remain close to correct and the ship never totally loses its signal lock. But that seems to be the only restriction.

The team was able to steer the ship to port or starboard at will, and the crew was totally unaware that anything was wrong. Captain Andrew Schofield told Fox News he was “gobsmacked,” when he found out what had been done to his ship, as was the entire deck team. His $80 million baby could have easily been run into a sandbar or reef. Running it aground is unlikely — the crew still have eyes — but maritime workers have come to rely on navigation technology to keep them from running afoul of all sorts of less obvious dangers. This spoofing attack undermines the trust these professionals put in their navigation systems. Even slightly interfering with a large amount of sea traffic could hamper trading ports, and potentially throw a wrench into large-scale economies.

Planes, too

Never one to shy from scaring the living daylights out of the public, Humphreys has made the implications of his research very clear: even a commercial airliners are vulnerable to this spoofing attack, and can be steered far off course while instruments tell the pilots they are perfectly within their lanes. Midair collisions could be a threat, but those are most likely near airports, where GPS is not the main source of navigational data. Besides, pilots and skippers still have complete control of their craft, and will intervene to stop most of the truly devastating possible consequences.

This is likely most relevant to unmanned technology, like drones. Here’s a ploy: order a pizza by drone to a house down the street. When the drone arrives, use this spoofing technology to direct it over to your waiting car. Quickly remove its positioning system, and drive away. Voila: free drone (and pizza). Just paint over the Domino’s logo, and you’re good to go.

But we shouldn’t make light of the dangers involved here. As the world learned so powerfully with the wreck of the Costa Concordia, even a properly functioning vessel requires constant vigilance. Aircraft hang even more precariously, and can endure even less uncertainty. If you could manage to get a wirelessly controlled antenna and spoofing device on-board in the baggage area, anything from a laptop to a smartphone could be made to control them. Nerds generally scoff at strict prohibitions against electronic devices on planes — but with this advance we might just have gotten a real reason for the lockdown.

The solution here is as obvious as it is difficult: implement the P(Y)-code encryption used by military assets in a wider range of civilian technology. This would be expensive on the receiving end and put a heavy burden on the satellite networks, especially if expanded to more than just major commercial airliners and security-relevant ships. It may just be necessary, however. How long did we really think we could continue to lean ever more heavily on a 40-year-old technology without at least a few serious upgrades?

Surely there are a few other relatively simple ways of solving this particular problem, rather than just encryption (which we know will eventually be broken). First, build directional intelligence into GPS. If you’re going to spoof my GPS, you need to be in the same direction as the satellites (i.e. bloody high in the sky).

Second, distance awareness. Now this is easier if you’re doing bi-directional communications, where you can measure how long the signal is taking to travel there and back. If you send a request for position and the response comes in too quickly, you’re being spoofed.

Third, other instruments. GPS should never be the only thing you rely upon. Things like magnetic field measurement may be able to give you some clues regarding location, and there are probably other fairly sophisticated ways to cross-check your GPS data.

None of these are “overnight” solutions, but they are scientific solutions that can’t just be broken the way you’d break encryption.

Another_Lurker

The problem is relative signal strength. The satellite signals are by nature very weak so a modest signal can swamp the satellite signal. This is very similar to RF jamming by using a stronger signal to override the weaker.

douzo

Everytime I read a hacking article like this I think about the future where (eventually) cyborg implants become commonplace…and the hacks then will be TRULY scary!

Luke

If you’d done your research you’d know that planes use the GPS alongside an inertial reference system (INS) made of mechanical gyros and accelerometers that do not rely on external signals. If there was a discrepancy between the two the pilots would know in an instant, and could rely on old fashioned radio navigation aids (that precisely measure distances to radio antennas on the ground) to remove any doubt.

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.